Logstash Geoip does not output coordinates as expected

Question

I'm trying to set long and lat for the Kibana Bettermap using Geoip. I'm using Logstash 1.4.2 and Elasticsearch 1.1.1 and the following is my configuration file:

input
{
   stdin { }
}

filter
{
   geoip
   {
     source => "ip"
   }
}

output
{
  elasticsearch { host => localhost }
  stdout { codec => rubydebug }
}

When I send the following example ip address:

"ip":"00.00.00.00"

The result is as follows:

{
      "message" => "\"ip\":\"00.000.00.00\"",
      "@version" => "1",
      "@timestamp" => "2014-10-20T22:23:12.334Z",
}

As you can see, no geoip coordinates, and nothing on my Kibana Bettermap. What can I do to get this Bettermap to work?

Answer 1

You aren't parsing the message... Either add codec => json to your stdin and send in {"ip":"8.8.8.8"} or use a grok filter to parse your input:

grok { match => ['message', '%{IP:ip}' ] }